$HOME/hosts/desktop/configuration.nix

configuration.nix

{ config, lib, pkgs, helix, ... }:

{
  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ../../openrgb
    ];

  nix.settings = {
    experimental-features = [ "nix-command" "flakes" ];
    trusted-users = [ "mikelane" "@wheel" ];
    auto-optimise-store = true;
  };

  hardware = {
    i2c.enable = true;

    nvidia = {
      modesetting.enable = true;
      powerManagement.enable = false;
      powerManagement.finegrained = false;

      open = true;

      prime = {
        sync.enable = true;

        amdgpuBusId = "PCI:18:0:0";
        nvidiaBusId = "PCI:1:0:0";
      };

      nvidiaSettings = true;

      package = config.boot.kernelPackages.nvidiaPackages.beta;
    };

    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
    };

    pulseaudio.enable = false;
  };

  # Bootloader.
  boot = {
    kernelModules = [ "i2c-dev" "i2c-piix4" "igc" ];

    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  networking.hostName = "desktop"; # Define your hostname.

  networking.networkmanager.enable = true;

  time.timeZone = "America/Los_Angeles";

  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = "en_US.UTF-8";
      LC_IDENTIFICATION = "en_US.UTF-8";
      LC_MEASUREMENT = "en_US.UTF-8";
      LC_MONETARY = "en_US.UTF-8";
      LC_NAME = "en_US.UTF-8";
      LC_NUMERIC = "en_US.UTF-8";
      LC_PAPER = "en_US.UTF-8";
      LC_TELEPHONE = "en_US.UTF-8";
      LC_TIME = "en_US.UTF-8";
    };
  };

  sound.enable = true;

  virtualisation.docker.enable = true;

  programs = {
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryPackage = lib.mkForce pkgs.pinentry-qt;
    };

    tmux = {
      enable = true;
      clock24 = true;
    };

    mtr.enable = true;
    zsh.enable = true;
  };

  users = {
    defaultUserShell = pkgs.zsh;
    users.mikelane = {
      isNormalUser = true;
      description = "mikelane";
      extraGroups = [ "networkmanager" "wheel" "docker" "input" ];
    };
  };

  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.permittedInsecurePackages = [
    "nix-2.15.3"
  ];

  environment = {
    shells = with pkgs; [ zsh ];

    shellAliases = {
      pbcopy = "xclip -sel clip";
      pbpaste = "xclip -selection clipboard -o";
    };

    pathsToLink = [ "~/.zsh/completions" ];

    systemPackages = with pkgs; [
      age
      curl
      gcc
      git
      git-credential-1password
      glxinfo
      (jetbrains.plugins.addPlugins jetbrains.datagrip [ "github-copilot" ])
      (jetbrains.plugins.addPlugins jetbrains.idea-ultimate [ "github-copilot" ])
      jetbrains.jdk
      (jetbrains.plugins.addPlugins jetbrains.pycharm-professional [ "github-copilot" "nixidea" ])
      (jetbrains.plugins.addPlugins jetbrains.webstorm [ "github-copilot" ])
      jetbrains-toolbox
      openrgb-with-all-plugins
      openssl
      pciutils
      wget
      xclip
    ];

    variables = {
      EDITOR = "nvim";
      HOSTNAME = "desktop";
      FART = "9001";
    };
  };

  age.secrets = {
    openai_api_key = {
      file = ../../secrets/openai_api_key.age;
      owner = "mikelane";
      group = "wheel";
      mode = "440";
    };
  };

  fonts.packages = with pkgs; [
    nerdfonts
  ];

  services = {
    blueman.enable = true; # pair and manage bluetooth devices
    openssh.enable = true; # Enable the OpenSSH daemon.

    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;
    };

    printing.enable = true; # Enable CUPS to print documents.

    udev.extraRules = ''
      SUBSYSTEM=="input", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", GROUP="input", MODE="0660"
      SUBSYSTEMS=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
      KERNEL=="hidraw*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
    '';

    xserver = {
      enable = true;
      xkb = {
        layout = "us";
        variant = "";
      };

      videoDrivers = [ "nvidia" ];

      displayManager.sddm.enable = true;
      desktopManager.plasma5.enable = true;
    };
  };

  security = {
    pam.loginLimits = [{
      domain = "*";
      type = "soft";
      item = "nofile";
      value = "65536";
    }];

    # NOTE: You must copy these files from github:RewstApp/infrastructure/development/certs
    #  to be in the same directory as the configuration.nix file in order for these certs
    #  to be added properly. They will get concatenated into /etc/ssl/certs/ca-certificates.crt
    # Ref: https://search.nixos.org/options?channel=unstable&show=security.pki.certificateFiles&from=0&size=50&sort=relevance&type=packages&query=security.pki.certificateFiles
    pki.certificateFiles = [
      ../../rewst/nginx/certs/trust-root-ca.pem
    ];

    polkit.enable = true;
    rtkit.enable = true;
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?

}